CVE-2008-6957 Information

Description

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions possibly involving predictable generation of the id parameter.

Reference

http://secunia.com/advisories/32731 http://www.80vul.com/dzvul/sodb/14/dz-exp-sodb-2008-14_php.htm http://www.discuz.net/archiver/?tid-1112426.html http://www.securityfocus.com/bid/32424 https://exchange.xforce.ibmcloud.com/vulnerabilities/46785 https://www.exploit-db.com/exploits/7185